There is a new trojan horse for Macintosh. Be very careful what you enter your password for.

Another trojan that affects Mac users has been unleashed onto the internet. Its name is Flashback.C. The trojan runs the way any installer does: you download a .dmg file and run it. It disguises itself as an Adobe Flash Player installation. Once it prompts you for your password, you had better make sure that you downloaded the file from Adobe's website yourself; otherwise, close it immediately, eject the image and delete the disk image file (.dmg). I never recommend installing any updates automatically, because files in your system can be tricked into downloading from untrusted sources (we here at modmyi know just how easy it is to trick a server – we do it with Cydia all the time). When installing an update, I recommend only downloading directly from the legitimate site itself. If you are aware that there is an Adobe Flash Player update, just go to Adobe's site and download the .dmg file from them directly, then install it over what you have already. If you need a link, then download Adobe Flash Player from here, and don't download it from anywhere else. This will ensure your security – or at least more so than just trusting a random popup that says you have an Adobe Flash Player update.

This specific trojan horse, once installed, will wipe out files necessary for the malware definition updating process to run properly. This will leave your Mac vulnerable to malware. Again, I highlight the word 'malware' because Macs are armed with built-in protection from malware, which is anti-virus grade protection from malware. Malware only. To date, there has never been a successful virus launch for Mac OS X. Malware patches are offered by Apple regularly, and trojan horses occur maybe once or twice a year at best. Worms for Mac OS X are very rare. If you insist on saying that they're all the same and that Mac OS X has indeed had viruses – you can read about the differences here. Apple swiftly deals a lethal blow to many of these security threats and the Mac continues to act as though nothing ever happened. When referring to anything that can do harm to your computer, remember that infections have categories, and that just because what it does is bad doesn't make it a virus.

Mac OS X Snow Leopard and Mac OS X Lion operate on the same security channel, getting updates from the same server with the same files. This means that anything that affects one operating system will affect the other. If you have the application LittleSnitch installed on your Mac, Flashback.C will automatically terminate itself before it does its malicious deed.

Again, the best way to fight this new infection is to be aware of everything that is being downloaded into your computer and to understand its source. If you believe that you might have been infected by this trojan, or if you are just a worry wart that wants to make sure they haven't contracted it by mistake, F-Secure has instructions here on how to look for and remove Flashback.C. Good luck and stay safe!
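
One way to check a plist for a library-injection entry, as an added example (not code from this article or from F-Secure). The article does not say what Flashback.C writes, so this assumes the general macOS pattern of a `DYLD_*` variable set under `LSEnvironment` in an application's Info.plist or in a per-user environment plist; the sample plists and the library path are constructed.

```python
import plistlib
import sys

PREFIX = "DYLD_"  # dyld variables such as DYLD_INSERT_LIBRARIES load extra code

def find_injected_env(plist_bytes):
    """Return {"scope:VAR": value} for every DYLD_* variable the plist sets.

    Two places are checked: an application's LSEnvironment dictionary
    (Info.plist) and top-level keys (a per-user environment plist).
    """
    data = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    if not isinstance(data, dict):
        return {}
    hits = {}
    for scope, env in (("top-level", data),
                       ("LSEnvironment", data.get("LSEnvironment"))):
        if isinstance(env, dict):
            for name, value in env.items():
                if name.startswith(PREFIX):
                    hits[f"{scope}:{name}"] = value
    return hits

# Constructed samples (not taken from an infected machine).
SAMPLE_LIB = "/tmp/constructed-sample.dylib"
CLEAN = plistlib.dumps({"CFBundleIdentifier": "com.example.browser"})
TAMPERED = plistlib.dumps(
    {"CFBundleIdentifier": "com.example.browser",
     "LSEnvironment": {"DYLD_INSERT_LIBRARIES": SAMPLE_LIB, "LANG": "en_US"}},
    fmt=plistlib.FMT_BINARY)
USER_ENV = plistlib.dumps({"DYLD_INSERT_LIBRARIES": SAMPLE_LIB})

if __name__ == "__main__":
    # Usage: python3 check_plist.py /path/to/Info.plist [...]
    for path in sys.argv[1:]:
        try:
            with open(path, "rb") as fh:
                hits = find_injected_env(fh.read())
        except Exception as exc:  # unreadable or malformed plist
            print(f"{path}: could not parse ({exc})")
            continue
        print(f"{path}: {hits if hits else 'no DYLD_* entries'}")
```

An empty result only means this one mechanism is not used in the files that were checked.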

.app is an application.
.dmg is a disk image (a notion Windows users have trouble grasping)
.sea is a self-extracting archive, which is like an app because it doesn't require another app to extract the compressed file it contains.
I rarely see .sea anymore because developers release their apps on dmg's or they are compressed as plain StuffIt archives or gz.

Not that I don't grasp the idea; a Mac/Windows user myself, I understand that completely. I refer to them as Mac executable counterparts actually for that exact reason. Windows users will understand the concept better.

That was not directed at you personally. I had no idea of your operating system.

I thought I infected my MBP with it since the Adobe Flash wanted to update a few times. I thought it was strange at the time but updated anyway. When I read this post I figured I infected my computer and went to look for the string of code in the .plist for Safari but couldn't find it. Does that mean I'm not infected or what? Also, I installed LittleSnitch, which if I do have the trojan it would be too late anyhow, but now I can't quit or uninstall it. Amidoinitrong? :no idea:

EDIT: Found the uninstaller option in the .dmg but still unsure if I'm infected.

If you are running the new version of Flash (11) it no longer updates through the installer. It has a section in System Preferences that is used to update.

That is incorrect. The Check Now button in the PrefPane simply sends you to an Adobe downloads page. It (the page) doesn't even bother to sniff your player version and tell you if you need the update or not. Furthermore, up until a few weeks ago, the certificate for the page was wrong and would cause Safari to throw an error dialog.

I've always referred to .dmg files as Mac executable files. Do you call them something different?

Executable or disk image. Anthony referred to it in the article as a (dmg). When I was reading and saw "executable" I was a little confused, but then he specified (dmg) and I knew what he was talking about. If you have a Mac you should know Mac OS sees the file in another language. Here the point is not the file type; it is for Mac users to know there is a worm out there. I'm gonna be aware and I won't update my Adobe Flash automatically!! Thank you Anthony for the article!

If you can't find the details necessary to remove it then you should be fine.

If it looked like that standard Adobe AIR style installer, then you're fine. This looks like a pkg installer. I thought it did the same thing when I read this.